{"vulnerability": "CVE-2026-41947", "sightings": [{"uuid": "31ab4f94-b943-4f20-b53a-d910931d9c8b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41947", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mm5dtbyy3q2o", "content": "CVE-2026-41947 - Dify v1.14.1 Authorization Bypass via Trace Configuration Endpoints\nCVE ID : CVE-2026-41947\n \n Published : May 18, 2026, 3:16 p.m. | 55\u00a0minutes ago\n \n Description : Dify version 1.14.1 and prior contains an authorization bypass vulnerability that allows authen...", "creation_timestamp": "2026-05-18T16:56:44.810872Z"}, {"uuid": "a12c28ee-58bc-4cd6-9c6b-4d7c96db3eeb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-41947", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116599714465595162", "content": "\ud83d\udea8 CRITICAL: CVE-2026-41947 in langgenius Dify \u22641.14.1 lets editor users bypass tenant checks, redirecting app messages to attacker LLMs. Free self-registration increases risk. Restrict editor roles &amp; monitor configs. https://radar.offseq.com/threat/cve-2026-41947-authorization-bypass-through-user-c-da35e5dc #OffSeq #CVE202641947 #AppSec", "creation_timestamp": "2026-05-19T06:00:48.759805Z"}, {"uuid": "55597ebc-db70-4ebf-97d9-2d90e37ae9a9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41947", "type": "seen", "source": "https://bsky.app/profile/getpokemon7.bsky.social/post/3mnuxvice4k2o", "content": "LLM\u30a2\u30d7\u30ea\u958b\u767a\u57fa\u76e4\u300cDify\u300d\u306b\u8907\u6570\u306e\u30af\u30ea\u30c6\u30a3\u30ab\u30eb\u8106\u5f31\u6027\n\n\u5927\u898f\u6a21\u8a00\u8a9e\u30e2\u30c7\u30eb\uff08LLM\uff09\u30a2\u30d7\u30ea\u958b\u767a\u30d7\u30e9\u30c3\u30c8\u30d5\u30a9\u30fc\u30e0\u300cDify\u300d\u306b\u60c5\u5831\u6f0f\u6d29\u3084\u8a2d\u5b9a\u306e\u6539\u3056\u3093\u306a\u3069\u8907\u6570\u306e\u8106\u5f31\u6027\u304c\u660e\u3089\u304b\u3068\u306a\u3063\u305f\u3002\n\n...\n\n\u300cCVE-2026-41948\u300d\u306f\u3001Plugin\u30c7\u30fc\u30e2\u30f3\u306e\u300cREST API\u300d\u306b\u304a\u3044\u3066\u8ee2\u9001\u30ea\u30af\u30a8\u30b9\u30c8\u3092\u64cd\u4f5c\u3067\u304d\u308b\u30d1\u30b9\u30c8\u30e9\u30d0\u30fc\u30b5\u30eb\u306e\u8106\u5f31\u6027\u3002\u30c6\u30ca\u30f3\u30c8\u306eUUID\u3092\u628a\u63e1\u3057\u3066\u3044\u308b\u5834\u5408\u306b\u3001\u30bf\u30b9\u30af\u8b58\u5225\u5b50\u3084\u30d5\u30a1\u30a4\u30eb\u540d\u30d1\u30e9\u30e1\u30fc\u30bf\u3092\u7d30\u5de5\u3057\u3066\u5185\u90e8\u30a8\u30f3\u30c9\u30dd\u30a4\u30f3\u30c8\u3078\u30a2\u30af\u30bb\u30b9\u3055\u308c\u308b\u304a\u305d\u308c\u304c\u3042\u308b\u3002\n\n\u300cCVE-2026-41947\u300d\u306f\u3001\u7de8\u96c6\u8005\u6a29\u9650\u306b\u304a\u3051\u308b\u8a8d\u53ef\u30d0\u30a4\u30d1\u30b9\u306e\u8106\u5f31\u6027\u3002\u30c8\u30ec\u30fc\u30b9\u8a2d\u5b9a\u306e\u30a8\u30f3\u30c9\u30dd\u30a4\u30f3\u30c8\u306b\u304a\u3051\u308b\u30c6\u30ca\u30f3\u30c8\u6240...", "creation_timestamp": "2026-06-09T19:53:31.495496Z"}]}